Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 177
    • Merge Requests 177
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #12140

Closed
Open
Opened Nov 26, 2020 by Alicha CH@alichaReporter2 of 2 tasks completed2/2 tasks
  • Report abuse
  • New issue
Report abuse New issue

libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)

An issue was discovered in libvncserver-0.9.12. There is a divide by zero in rfbSendRectEncodingRaw function in libvncserver/rfbserver.c. Attackers can launch a denial of service attack by sending a special message to the VNC server.

Fixed In Version:

libvncserver 0.9.13

Reference:

  • https://github.com/LibVNC/libvncserver/issues/409
  • https://security-tracker.debian.org/tracker/CVE-2020-25708

Patch:

https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba

Affected branches:

  • master (a522ceff)
  • 3.12-stable (bd5545fe)

secfixes comment needs update

Edited Nov 26, 2020 by Natanael Copa
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
3
Labels
edge tag:security v3.12
Assign labels
  • View project labels
Reference: alpine/aports#12140